mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-25 11:55:03 +03:00
Added Vary value for CORS in Frontend
refs https://github.com/TryGhost/Toolbox/issues/461 - Having 'Origin' in the Vary header value on every `OPTIONS` response allows "allowed CORS" and "disallowed CORS" responses to be bucketed correctly in shared caches
parent
f581e33400
commit
a8ba8cc444
@ -54,4 +54,19 @@ function corsOptionsDelegate(req, callback) {
|
||||
callback(null, corsOptions);
|
||||
}
|
||||
|
||||
module.exports = cors(corsOptionsDelegate);
|
||||
/**
|
||||
*
|
||||
* @param {Express.Request} req
|
||||
* @param {Express.Response} res
|
||||
* @param {Function} next
|
||||
*/
|
||||
const handleCaching = (req, res, next) => {
|
||||
// @NOTE: try to add native support for dynamic 'vary' header value in 'cors' module
|
||||
res.vary('Origin');
|
||||
next();
|
||||
};
|
||||
|
||||
module.exports = [
|
||||
cors(corsOptionsDelegate),
|
||||
handleCaching
|
||||
];
|
||||
|
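Review bot: `handleCaching` is registered after `cors(corsOptionsDelegate)` in the exported array, so `Vary: Origin` is only added on requests where the cors middleware calls `next()`. By default the `cors` package ends a preflight it accepts itself, and it passes an error from the delegate to `next(err)`, which skips a non-error handler; on those paths the header depends on the options built in `corsOptionsDelegate`, whose body is outside this hunk. Registering the handler first makes the header unconditional, so a shared cache cannot serve one origin's CORS decision to another: `module.exports = [handleCaching, cors(corsOptionsDelegate)];`. The JSDoc above `handleCaching` also has no description line; something like `Always adds 'Origin' to Vary so shared caches key responses per requesting origin` would record why it exists.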
@ -108,7 +108,7 @@ describe('OPTIONS requests', function () {
|
||||
.expect(200);
|
||||
|
||||
assert.equal(res.headers['cache-control'], 'public, max-age=0');
|
||||
assert.equal(res.headers.vary, 'Accept-Encoding');
|
||||
assert.equal(res.headers.vary, 'Origin, Accept-Encoding');
|
||||
assert.equal(res.headers.allow, 'POST,GET,HEAD');
|
||||
});
|
||||
|
||||
@ -119,7 +119,7 @@ describe('OPTIONS requests', function () {
|
||||
.expect(200);
|
||||
|
||||
assert.equal(res.headers['cache-control'], 'public, max-age=0');
|
||||
assert.equal(res.headers.vary, 'Accept-Encoding');
|
||||
assert.equal(res.headers.vary, 'Origin, Accept-Encoding');
|
||||
assert.equal(res.headers.allow, 'POST,GET,HEAD');
|
||||
});
|
||||
});
|
||||
|
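Review bot: Both updated assertions compare the whole `Vary` value against `'Origin, Accept-Encoding'`, which ties the tests to the order in which unrelated middleware appends its tokens rather than to the behaviour this commit adds. The request setup for these two cases is outside the hunks, so it is not visible whether either sends an `Origin` header. Since the stated goal is to keep allowed and disallowed CORS responses apart in shared caches, one case of each kind would pin that down. A token check such as `assert.ok(res.headers.vary.split(/,\s*/).includes('Origin'));` would survive reordering.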